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^ START ^ 



INDIVIDUAL 
COMPUTER 
INSTALLS CLEAN 
RUNTIME 
COMPONENT 



510 



CLEAN RUNTIME 
COMPONENT PERFORMS 
COMPLIANCE CHECK UPON 
INITIAL EXECUTION AND 
DEPENDING ON RESULTS 
FROM COMPLIANCE CHECK 
TAKES EITHER ASSIGNMENT 
OF SELF-GOVERNANCE 
ACTION (SEE FIG. 6) 
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END 



Fig.S. 
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CHECK FOR 
NEW UPDATES 




APPLY ALL PATCHES 



TO COMPUTER 



680 



CLEAN RUNTIME SENDS 
PROTECTED "ADD" 
REQUEST (SEE FIG. 7) 



Fig. 6. 
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RUNTIME 
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CLEAN GROUP SERVER 
MOVES COMPUTER 
INTO CLEAN GROUP 
AND COUNTDOWN IS 
STARTED 
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ANOTHER^ 
"ADD"MESSAGl 
RECEIVED BEFORE 
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^COUNTDOWN?* 
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Fig. 7. 
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Q START 



ONCE COMPLIANCE CHECK HAS 
FAILED (EG., NEW UPDATES ARE 
AVAILABLE AND THEY CANNOT 
BE A UTOMA TIC ALL Y INSTALLED, 
OR THE UPDATE SITE IS 
UNREACHABLE FOR LONGER 
THAN ONE HOUR) THEN CLEAN 
RUNTIME SENDS "REMOVE" 
MESSAGE TO CLEAN GROUP 
SERVER 




HIDE OR ERASE 
COMPUTER DOMAIN 
CREDENTIALS, OR 
OTHER WISE INVALIDA TE 

CLEAN GROUP 
MEMBERSHIP THROUGH 
LOCAL ACTIONS 



TAKE ADDITIONAL STEPS ' 
AIMED A T PREVENTING 
DISCLOSURE OF SENSITIVE 
DATA OR ALLOWING VIRUSES/ 
HACKERS TO TAKE ADVANTAGE 

OF EXISTING CREDENTIALS 
(EG., HIDE EFS KEYS, LOG OUT 
A PRIVILEGED USER, ETC.) 



END \ 



Fig.8. 
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^ START \ 



1010 



NEW COMPUTER TO BE 
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COMPUTER ACCOUNT 
INTO DISABLED STA TE 
UNTIL PROVED TO BE IN 
COMPLIANCE 



END 



Fig.lOA. 
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Q START ^ 



1030 



NEW COMPUTER TO BE 
ADDED TO DOMAIN 



1040 



71 

PREDICATE DOMAIN JOIN 
OPERATION ONPROVEN- 
IN-COMPLIANCE STA TE BY 
REQUIRING CLEAN GROUP 
SER VER TO PARTICIPA TE 
IN THE DOMAIN JOIN 
OPERATIONS 
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^ END ^ 



Fig.lOB. 
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-1100 
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BOTH PERIODIC^ 
'COMPUTER SELF CHECl 
AND PERIODIC CLEAN 
GROUP SERVER CHECK 
ARE PROVIDED? 



NO 



YES 
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ONLY 
PERIODIC 
COMPUTER SELF 
CHECKIS 
PROVIDED? ' 



NO 



ONLY 
PERIODIC 
CLEAN GROUP 
SERVER CHECKIS 
PROVIDED? 



YES 



1150 



YES 



COMPUTER PERIODICALLY 
RENEWS ITS CLEAN GROUP 
MEMBERSHIP BEFORE IT 
EXPIRES AND CLEAN GROUP 

SERVER PERIODICALLY 
INITIATES COMMUNICATION 
WITH COMPUTER TO VERIFY 
ITS IN-COMPLIANCE STA TUS 
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COMPUTER PERIODICALLY 
RENEWS ITS CLEAN GROUP 
MEMBERSHIP BEFORE IT 
EXPIRES 
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CLEAN GROUP SERVER 
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COMMUNICATION WITH 
COMPUTER TO VERIFY ITS 

IN-COMPLIANCE STA TUS 
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Fig. 11. 



